When a computer operating system is processing, creating, or storing data, then various types of malicious software (malware, computer viruses, etc.) can be used to gather sensitive data for the purpose of stealing (or infiltrating) sensitive information for example personal, financial, or business importance. Malware has been designed to intercept this information in a variety of ways, such as by key logging, random access memory (“RAM”) scraping, cold booting, direct memory access (“DMA”) attacking or obtaining a print screen of the sensitive data from the computer and many other methods that exploit weaknesses in the computer operating system. Malware can also access data that is stored, such as on a hard drive or any, computer memory source, especially when such data is being processed by the operating system.
A number of anti-malware/antivirus strategies exist to detect and remove malware software and to provide real-time protection against the installation of malware software on a computer. However, if the computer has already been compromised and malicious software already exists and is running on the computer, user remains vulnerable to having sensitive data hijacked. Furthermore, these software defined anti-virus mechanisms require frequent virus definition updates and leave a healthy window of vulnerability from when new Malware is introduced to society or when a counter measure or detection and quarantine method is available.
Data security issues become more complex in a network environment. Steps are usually taken to ensure that access to the network is controlled, and that data is not vulnerable to attack during transmission. Many technologies are also available to encrypt data to help ensure privacy of sensitive data. Encrypted data generally depends on the existence of a secret key (or certificate) shared between the communicating parties. This type of data security is often used for online credit/debit card purchases. However, in most system architectures, this type of encryption is often handled by the operating system and as such can be compromised by software running on a preexisting malicious node.